New Business Continuity Concerns for Healthcare Providers
Hospitals are no stranger to the concept of emergency preparedness, but the Centers for Medicare and Medicaid Services (CMS) has some definite ideas on what is acceptable in this arena and is making them clear in new Conditions of Participation, which must be implemented by Nov. 15, 2017.
And CMS is expanding at least some of the same requirements to 16 other types of inpatient and outpatient providers — and suppliers — from ambulatory surgery centers and psychiatric residential treatment facilities to organ procurement organizations, many of whom may not have thought about business continuity in such a prescriptive way before.
Some key takeaways from the rule for affected entities:
- Organizations need to take an “all hazards” approach to their emergency plan, which must be reviewed and updated annually. Preparing for active shooters, power outages and pandemics won’t be enough.
- Emergency plans must be managed by policies and procedures, no longer simply operational guidelines (so no more flexibility).
- Inpatient and outpatient facilities MUST coordinate with local agencies.
- Organizations must maintain contact with clinicians AND staff, both during and after the emergency, and must have an effective communications plan for patients and family members to cover the same time period.
- Facilities transferring patients during an emergency must ensure that the receiving facilities have the same standards for privacy and security of patient data.
- All employees must be trained and tested on the emergency plan, and must be able to demonstrate knowledge of emergency procedures, evacuation routes and patient instructions (expect this to come up in future accreditation surveys).
- Organizations must conduct two exercises annually, and one of these must be a full-scale facility or community-based drill.
CMS states that it will be granting no exceptions for non-compliance, including failure to provide required documentation to the agency.
So, how do you get ready for these new requirements?
You can certainly read the (yawn) Final Rule, but I would recommend the more accessible resources to be found at the website of the Assistant Secretary of Preparedness and Response (ASPR) of the federal Department of Health and Human Services (HHS). ASPR’s Healthcare Emergency Preparedness Information Gateway, TRACIE (Technical Resources, Assistance Center, Information Exchange), has a wealth of information, including specific requirements by provider type, a helpful overview presentation and more.
Oh, and you may want to make sure your business continuity management (BCM) system is up to the task.
Latest posts by Jay Lechtman (see all)
- Top Five Methods for Identifying Risks, and How Data Visualization Can Help - May 23, 2017
- Why Data Visualization Matters in Risk Management - May 9, 2017
- New CMS Rule, Customer Centricity Push Patient Safety Further Forward - April 28, 2017
- For Healthcare Providers an Ounce of Prevention … is Now Going to be Required by CMS - March 2, 2017
- Healthcare Data Security: What You Should be Asking Your Vendors… and Yourself - August 1, 2016